Category: Webmail

Let’s face it. We all make mistakes. At one time or another, most of us have gotten a little hasty with the Send button when composing an email, and sent it to the wrong Frank Thomas, accidentally CC’d the customer in an inter-office communication, or realized the email was probably not such a good idea in the first place. These examples can be quite embarrassing, but other mistakes can result in legal trouble for you or your company. For example, healthcare providers can violate HIPAA regulations by sending an email containing protected health information (PHI) to the wrong person. Penalties for these HIPAA violations can be steep, ranging from $50,000 to $1.5 million.

To avoid these situations, your email solution should have a feature that lets you delay delivery of a message. With MDaemon Webmail, message scheduling options are just a mouse click away.

“This is all great, but why would I want to delay delivery of an important email message?”

There are many reasons why one might want to defer delivery of an email message.

Delaying message delivery for an hour or even a few minutes gives you time to take a break from it and review it with a refreshed perspective – providing another opportunity to catch errors you might have missed before.

Some email conversations go back and forth too quickly, so you might respond before you have all the information or ask questions that are already answered in the next message. Deferred delivery allows you to slow the process down so you’re not having to play email tag.

Deferred delivery can help prevent you from sending an angry email response during heated discussions. Allowing yourself a little extra time to re-think your message or to cancel the message altogether can help prevent a great deal of workplace conflict.

For companies that operate globally, deferred delivery allows users to schedule messages for delivery during peak business hours in the recipient’s country, increasing the likelihood that it will be seen.

We demonstrate how to defer delivery of an email message in MDaemon Webmail in this week’s tutorial video.

Most of us don’t wake up thinking about email, but without it, business communications would be set back at least 20 years. We rely on email for many basic business functions, so we want email management features that simplify communications & make collaboration easier and more efficient.

With MDaemon Webmail, users can perform a variety of tasks via the Options menu. But, following the theme of making things easier, did you know you can perform many of these same tasks with the click of the right mouse button without leaving your Inbox?

On Monday, May 14th, the Electronic Frontier Foundation (EFF) reported that European researchers had discovered core problems and commonplace implementation flaws in the S/MIME and OpenPGP protocol specifications. The vulnerability, which the researchers have described as EFAIL, can reportedly expose the content of encrypted emails (even messages sent in the past) to be viewed. The EFAIL vulnerability affects many email clients that use S/MIME and OpenPGP. There is a list of email clients with vulnerabilities by protocol in an article posted at thehackernews.com.

It’s very important to understand that to be at risk for this vulnerability, attackers would need access to your emails. This means that your email system has been compromised by an attacker who has access to the encrypted emails through tactics such as eavesdropping on network traffic (also known as a man-in-the-middle (MITM) attack), compromised email accounts, access to email servers, backup systems or client computers, usually achieved through social engineering attacks, such as Phishing and other tactics.

We have checked our own web-based email client (MDaemon Webmail) and our MDaemon OpenPGP-based encryption feature. Our results show that MDaemon Webmail is not vulnerable. However, the MDaemon email server OpenPGP feature is partially vulnerable to one implementation flaw. We have released a patch for affected versions of MDaemon email software, which can be found here. The current version of the MDaemon email server, v18.0.1, includes this fix.

A Reminder on the Best Email Security Practices

This latest issue should remind us all about the importance of email security practices as a whole. Implementing strong passwords, two-factor authentication, location screening, SSL/TLS, SMTP AUTH, IP Shielding, dynamic screening, freezing accounts after failed authentication attempts, all play a role in helping to keep your accounts and your email safe. You can review a list of email security features in MDaemon here.

If you’ve implemented security to help protect malicious people from accessing your email accounts, then you are less likely to have an account compromised and you will be better protected against these types of attacks and vulnerabilities.

Ongoing Monitoring

While the researchers go into some depth to expose issues deep within the S/MIME and OpenPGP specification documents, these encryption protocols may need specification changes to address the longer-term issues mentioned in the initial report. MDaemon Technologies will continue to monitor this issue.

Additional Resources

We have provided links to past blog posts that cover a number of email security topics to provide additional information:

Whether you work in healthcare, finance, education, or another highly regulated industry, it’s likely that you’re required to meet increasingly stringent regulations on email security and privacy, such as the General Data Protection Regulation (GDPR). But even if these strict requirements do not apply to your industry, you still want to maintain customer trust by ensuring their confidential data is safe.

To address these concerns, MDaemon offers email encryption using OpenPGP.

In the past, implementations of OpenPGP have been cumbersome, requiring users to manually exchange encryption keys or to take complex steps to send encrypted messages. With MDaemon, in addition to providing various ways to automate the encryption key exchange and server-side encryption processes, MDaemon Webmail users can easily enable per-message encryption right from within the message compose window.

Here’s a quick video to demonstrate how easy it is to encrypt messages in MDaemon Webmail.

MDaemon’s webmail client is loaded with a variety of features for organization, collaboration and security. As a daily user of MDaemon Webmail (I use it almost exclusively instead of my desktop email client), I like to keep important messages organized so I can find them later. This is made easy with message categories (in addition to follow-up flags). Within the MDaemon webmail client, you’ll find a variety of built-in categories, or you can create your own custom categories. Multiple categories can be assigned to a message, and messages can be arranged by category, keeping all of your important messages in one, easy-to-find place.

If you’re like me, you like shortcuts that make life easier when performing common tasks. For example, if you work in finance or accounting, wouldn’t it be nice to be able to pull up all emails with the word “invoice” with a single mouse click? Well now you can. With the latest release of MDaemon, we introduced search folders in MDaemon Webmail. This week’s 30-Second Email Tips video will walk you through the setup process.

Search folders were added in MDaemon 17.5.1. If you’re running an older version of MDaemon, you could be missing out on some great new features!

If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook, Thunderbird or Eudora, MDaemon’s webmail client has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in MDaemon’s web-based email client is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcuts drop-down menu, as shown here:

MDaemon’s webmail client lets you continue using the same keyboard shortcuts found in your favorite email client!

More information on this feature can be found in the following page from our online manual:

If you have questions or comments about this feature, let us know! If you’re not an MDaemon user, but would like to learn more about its features, visit the MDaemon product page and have a look around!

We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

Something you know

Something you own

Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

An ATM card (something you own) and a PIN (something you know)

A credit card (something you own) and a zip code (something you know)

A phone (something you own) and a fingerprint (something you are)

MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

It provides an extra layer of defense when a password isn’t strong enough.

It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.

It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.

It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!

With the prevalence of data-destroying malware, more businesses are using an archiving solution such as MailStore to create backup copies of all email communications. Archiving is crucial for recovery when the unexpected disaster strikes, and useful for e-discovery and meeting legal requirements & regulations. I’ve written this article to help explain the value of archiving and why it’s so important:

For end-users, it’s important to have easy access to your archived messages, with the ability to search through your archives based on key words. With the addition of a custom button in the WorldClient toolbar that points to the MailStore login screen (performed by the MDaemon administrator), users can access their archive and perform a search in three easy steps. I’ll show you how in the following video:

MailStore works with virtually all email platforms and clients, and is the recommended choice for small-to-medium businesses worldwide. If you have questions or would like a personal demo, leave a comment below & let me know!

In MDaemon 17, we added support for DropBox integration for WorldClient, MDaemon’s web-based email client. Now, users can easily save attachments in inbound messages to their DropBox account, or insert links to their DropBox files in outbound attachments. Because files are stored in DropBox and not on the mail server, disk space and bandwidth are reduced.

We’ve put together the following tutorial video to help you get started with WorldClient’s DropBox file sharing features.

Step-by-step instructions can be found in the following knowledge base article: